This document provides an overview of Docker for developers. It begins with an agenda that covers Docker containers, images, networking, volumes, UI tools, Dockerfiles, Docker Compose, and best practices. It then defines Docker and containers, discusses the benefits of containers over virtual machines. It covers key Docker concepts like images, containers, registries. It also discusses tools like Dockerfile, Docker Compose, Portainer, Kitematic. The document provides examples of common Docker commands and best practices for using resources efficiently and securely.

1. Docker for Developers
ANDRZEJ SYDOR

2. Agenda
 Docker introduction
 Containers: run, start, stop, rm, ps
 Images: pull, push, import, export, save, load
 Networking
 Volumes
 UI tools
 Dockerfile
 Docker Compose
 Best practices

3. Docker
 Docker is the leading software container platform
 Founded in 2013 as Linux developer tool
 Fundamentally solves the „works on my machine” problem
 Container industry inventor, leader and innovative
 Transform app and infrastructure security, portability, agility and efficiency

4. One Application on One
Physical Server
 Limitations
 Slow development times
 Huge costs
 Wasted resources
 Difficult to scale
 Difficult to migrate
 Vendor lock in

5. Hypervisior – Based
Virtualization
 Benefit:
 Better resource pooling
 One physical machine divided into multiple virtual machines
 Easier to scale
 VMs in the cloud
 Rapid elasticity
 Pay as you go model
 Limitations:
 Each VM stills requires:
 CPU limitations
 Storage
 RAM
 An entire guest operating system
 Full guest OS means wasted resources
 Application portability not guaranteed

6. Docker
 Standarized packaging for software and
dependencies
 Isolate apps from each other
 Share the same OS kernel
 Works with all major Linux and Windows
Server

8. Key Benefits of Docker Containers
 Speed
 No OS to boot – applications online in seconds
 Portability
 Less dependencies between proces layers = ability to move between infrastructure
 Efficiency
 Less OS overhead
 Improved resource efficiency

9. WORA / PODA / CaaS
 WORA = Write Once Run Anywhere {J,W,E}AR
 PODA = Package Once Deploy Anywhere
 CaaS = Container as a Service

10. Docker
 Image
 The basis of a Docker container
 Container
 The image when it is ‚running’
 Registry
 Stores, distributes and manages Docker images
 Dockerfile
 Commands to assemble an image
 Docker Compose
 Define and share multi-container definitions

11. Docker
 Docker Engine
 The client-server application contains Docker daemon, REST API, CLI
 Docker Machine
 A tool to launch Docker hosts on multiple platforms
 Docker Client
 Command-line interface to interact with Docker daemons
 Docker Hub
 Repository for Docker Images
 Docker Store
 A storefront for official Docker images and plugins as well as licensed products

12. Docker Engine

13. Docker Architecture

14. docker run
 docker run [OPTIONS] IMAGE[:TAG|@DIGEST] [COMMAND] [ARG...]
 -d -> detached
 -t -> allocate a pseudo-tty
 -i -> keep STDIN open even if not attached
 --name -> container name
 --rm -> delete container when it exists
 -P [--publish-all] -> publish exposed ports to random ports
 -p [-publish] -> publish a container’s ports to the host

16. Docker Images Layers
 Layers are read only
 An image is a collection of files and some
meta data
 Images are comprised of multiple layers
 A layer is also contains software you want to
run
 Each image contains a base layer
 Docker uses a copy on write systems

17. Docker layers
docker image history <container-id>

18. Docker Sharing Layers
 Images can share layers in order to speed up transfer times and optimize disk and
memory usage
 Parent images that already exists on the host do not have to be downloaded

19. Docker pull / push
 docker pull [OPTIONS] NAME[:TAG]
 Pull an image or a repository from a registry (e.g. Docker Hub)
 docker push [OPTIONS] NAME[:TAG]
 Push an image or a repository from a registry (e.g. Docker Hub)

20. save / load / export / import
 docker save [OPTIONS] IMAGE [IMAGE]
 Save one or more images to a tar archive registry (e.g. Docker Hub)
 docker load [OPTIONS] NAME[:TAG]
 Load an image from a tar archive or STDIN
 docker export [OPTIONS] CONTAINER
 Export a container’s filesystem as a tar archive
 docker import [OPTIONS]
 Import the contents from a tarball to create a filesystem image

21. Docker commit
 docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
 -m Commit message
 -p Pause container during commit
 -c Apply Dockerfile instruction to the created image
 docker commit -m `message` <container-id> <container-name>:<version>

23. Docker flatten
docker export <container> | docker import - <image>
- Experiental flag
--squash

24. Docker flatten

25. Docker
Volumes

26. Volumes
 docker volume ls
 docker run –v
 -v [--volume]
 -m [--mount]

28. Networking
 IPAM (IP address management)
 Planning, tracking and managing IP addressess within the network
 IPAM has DNS and DHCP services
docker inspect -f='{{json .Containers}}’ <network>
docker inspect --format='{{.NetworkSettings.IPAddress}}’ <network>

29. Network drivers
 bridge
 Standalone containers that need to communicate
 none
 Disable all networking
 host
 Use the host’s networking directly (swarm services)
 overlay
 distributed network among multiple Docker daemon hosts
 Links
 Legacy container links

31. Portainer
 Docker UI
 „The easiest way to manage docker”
 https://www.portainer.io/

32. Portainer
 https://portainer.io/overview.html
 Detailed overview
 Containers (List, Details, Stats, Logs, Console, Creation)
 Images (List, Details)
 Network (List)
 Volumes (List)
 Container Templates
 Cluster overview
 Services Management
 Endpoint Management
 User Management and User Access Control

33. Portainer

34. Portainer
docker volume create portainer_data
docker run –name=portainer
-d -p 9000:9000
-v /var/run/docker.sock:/var/run/docker.sock
-v /opt/portainer:/data
portainer/portainer

35. Kitematic
 Visual Docker Container Management on Mac & Windows
 Run containers through a simple, yet powerful graphical user interface.
 https://kitematic.com/

36. Kitematic
 Fast and Easy Setup
 Docker Hub Integration
 Seamless Experience Between CLI and GUI
 Advantaged Features
 Automatically map ports
 Configuring volumes
 Change environment variables
 Streamline logs
 CLI access to containers

37. Kitematic

38. Docker Desktop for Windows
 Docker Desktop for Windows is the best way to get started with Docker on
Windows
 https://docs.docker.com/docker-for-windows/
 Auto update capability
 No additional software required, e.g. Virtualbox
 Windows: Hyper-V VM
 Better networking and filesystem mounting/notification
 Requires Windows 10 64-bit (Yosemite 10.10+)
 Legacy desktop solution boundled with Docker Toolbox.

39. Docker for AWS/Azure
 Amazon Web Services
 Amazon CloudFormation templates
 Integrated with Autoscaling, ELB, EBS
 Azure
 Integrated with VM Scale Sets for autoscaling, Azure Load Balancer, Azure Storage

40. Dockerfile
 FROM – Docker base
 FROM alpine:latest
 LABEL – extra information
 LABEL maintainer = ‘”Andrzej Sydor”
 COPY/ADD
 COPY build/app.jar /etc/app.jar
 ADD http://resource/files/html.tar.gz /usr/share/nginx/
 RUN – commands to install software and run scripts
 RUN mkdir –p /tmp/myapp/
 EXPOSE – the port and the protocol exposed in runtime
 EXPOSE 80/tcp
 ENTRYPOINT/CMD
 USER / WORKDIR / ENV

41. Dockerfile
FROM ubuntu:18.04
COPY . /app
RUN make /app
CMD python /app/app.py

42. Docker Build
 docker image build –file <Dockerfile> --tag <REPO>:<TAG>
 <REPO> - typically username on Docker Hub
 <TAG> - unique container value
 docker image build --tag local:dockerfile-example .
 .(dot) – current folder

43. Docker – Environmental variables
 ARG <key>[=<default value>]
 Build time arguments ( --build-arg <key>=<value> )
 ENV <key> <value>
 ENV <key>=<value>
 Environmental variables

44. Dockerfile
FROM alpine
ARG var="Default Hello World!"
ENV ENV1=$var
RUN echo "Build value: $ENV1"
ENTRYPOINT echo "Runtime value: $ENV1"

45. Docker env
docker build -t env-image .
docker run -d --name env-app env-image
docker logs env-app
docker run -d --name env-app2 -e ENV1=‘cmd env' env-image
docker logs env-app2

47. Multi-stage Dockerfile
# first stage
FROM node:10 AS builder
WORKDIR /app
RUN npm install -g @angular/cli
RUN ng new my-app --routing=true --style=css --skipGit=true --minimal=true
WORKDIR /app/my-app
RUN ng build --prod
# second stage
FROM nginx
COPY --from=builder /app/my-app/dist/my-app/ /usr/share/nginx/html

49. Docker Compose
 Tool for defining and running multi-container Docker applications
 YAML configuration (docker-compose.yml)
 Features:
 Multiple isolated environments on a single host
 Preserve volume data when containers are created
 Only recreate containers that have changed
 Variables and moving a composition between environments

50. Docker Compose
version: ‘3'
services:
web:
build: .
ports:
- "5000:5000"
volumes:
- .:/code
redis:
image: redis

51. Docker Compose
docker-compose up –d --build
docker-compose stop
docker-compose rm -f

52. Demo
version: '3'
services:
web1:
...
web2:
...
networks:
- net1
curl:
...
networks:
- net1
networks:
net1:
curl
web1
web2

53. Storing images
 Docker Registry
Docker Hub
Docker Store

54. Docker Registry
 Service that storing your Docker images
 Open source – Apache license
 Tightly control where your images are being stored
 Fully own your images distribution pipeline
 Integrate image storage and distribution tightly into your in-house development
Filesystem
/var/lib/registry

55. Docker Registry
docker run -d -p 5000:5000 --name registry registry:2
docker image tag alpine localhost:5000/myfirstimage
docker push localhost:5000/myfirstimage
docker pull localhost:5000/myfirstimage
docker container stop registry &&
docker container rm -v registry

56. Docker Hub
 Docker Hub
 Free for public images
 Organizations
 Repository
 Automated build (GitHub, BitBucket)

57. Docker HUB
 docker login
 docker build --tag username/my-container:latest
.
 docker image push username/my-container:latest

58. Docker Store
 Docker Store
 Docker images and plugins
 Docker Certified

59. Third-party registries
 Red Hat Container Catalog
 OpenShift
 Jfrog
 Quay.io
 Amazon EC2 Container Registry
 Others: Microbadger e.g. inspect image

60. Java Maven / Gradle plugins
 Maven plugin
 https://dmp.fabric8.io/
 https://github.com/spotify/docker-maven-plugin
 Gradle plugin
 https://bmuschko.github.io/gradle-docker-plugin/

61. Docker – CPU/Memory
 By default, a container can consume all available resources on the host machine if it
requires it
 Limit CPU usage
 -c / --cpu-shares=1024
 --cpu-period=25000 (microseconds)
 --cpu-quota=25000 (microseconds)
 Limit memory usage
 --memory 1024M
 --memory-swap 1024M
 By default, when you set --memory, docker will set the --memory-swap size twice
 --kernel-swap 1024M
Java 10

62. Docker – CPU/Memory - examples
docker container inspect <container> | grep -i memory
docker container run -d --name <container> --cpu-shares 512 --memory 128M <image>
docker container update --cpu-shares 512 --memory 256M <image>
docker container update --cpu-shares 512 --memory 128M --memory-swap 256M <image>

63. Docker - best practices
 One application per container
 Only install what you need
 Review who has access to your Docker hosts
 Use the latest version
 Use the resources
 Awesome docker
 https://awesome-docker.netlify.com/
 https://github.com/veggiemonk/awesome-docker

64. Look for minimal images !?
Image Size
openjdk:8 625MB
openjdk:8-jre 470MB
openjdk:8-jre-slim 204MB
openjdk:8-jre-alpine 85MB

65. Use Caching Effectively
FROM ubuntu
COPY . /app
RUN apt-get update
RUN apt-get -y install openjdk-8-jdk
COPY . /app
CMD [‘java’, ‘-jar’, ‘/app/target/app.jar’]

66. Single / Multi line variables
FROM alpine
ENV var1=abc
ENV var2=def
FROM alpine
ENV var1=abc
var2=def

67. Single / Multi line variables
FROM ubuntu
RUN wget tomcat.zip
RUN unzip tomcat.zip
RUN rm tomcat.zip
FROM alpine
RUN wget tomcat.zip
unzip tomat.zip
rm tomcat.zip
32 MB 21 MB

68. Tools
 cAdvisor https://github.com/google/cadvisor/
 Analyzes resource usage and performance characteristics of running containers
 Node-exporter https://github.com/prometheus/node_exporter/
 Exporter for machine metrics http://prometheus.io/
 Prometheus https://prometheus.io/
 Power your metrics and alerting with a leading open-source monitoring solution
 Grafana https://grafana.com/
 The open platform for beautiful analytics and monitoring

69. To Be Continued …
- Docker internals
 cgroups
 Limiting the resources that can be used by a processes
 namespaces
 Isolating filesystem resources
 unionFS
 Resource Management / Implicite sharing

70. To Be Continued …
- Docker Security
 The Docker Bench Security is a script that checks for dozens of common best-
practices around deploying Docker containers in production
 Docker Security Scanning

71. Q/A